Python Scripts to Interact with VirusTotal, Malwares.com and Google Safe Browsing.
This is an intelligence tool to investigate IP/Domain reputation via virustotal, malwares.com and google safebrowsing. It supports sending output to slack and save output to local machine with csv and json type.
pip install -r requirements.txt
- Python 2.7
- Argparse
- Requests
- API keys from VirusTotal, Malware.com and Google Safe Browsing(Enter API Keys on key.json)
$ python scan.py -c key.json -v -url kingskillz.ru
{'positives': 16, 'response_code': 1, 'total': 70, 'resource': u'kingskillz.ru'}
{'domain_siblings': [], 'BitDefender domain info': 67, 'undetected_referrer_samples': 2, 'whois_timestamp': 1480012951.01238, 'detected_downloaded_samples': 6, 'response_code': 1, 'Malwarebytes hpHosts info': 47, 'subdomains': [u'blog.kingskillz.ru', u'test.kingskillz.ru', u'wp.kingskillz.ru', u'www.kingskillz.ru'], 'Websense ThreatSeeker category': u'bot networks', 'undetected_downloaded_samples': 8, 'resolutions': 6, 'verbose_msg': u'Domain found in dataset', 'Opera domain info': 66, 'detected_urls': 57, 'categories': [u'bot networks']}
$ python scan.py -c key.json -v -url kingskillz.ru
{'positives': 16, 'response_code': 1, 'total': 70, 'resource': u'kingskillz.ru'}
{'domain_siblings': [], 'BitDefender domain info': 67, 'undetected_referrer_samples': 2, 'whois_timestamp': 1480012951.01238, 'detected_downloaded_samples': 6, 'response_code': 1, 'Malwarebytes hpHosts info': 47, 'subdomains': [u'blog.kingskillz.ru', u'test.kingskillz.ru', u'wp.kingskillz.ru', u'www.kingskillz.ru'], 'Websense ThreatSeeker category': u'bot networks', 'undetected_downloaded_samples': 8, 'resolutions': 6, 'verbose_msg': u'Domain found in dataset', 'Opera domain info': 66, 'detected_urls': 57, 'categories': [u'bot networks']}
$ python scan.py -c key.json -m -url kingskillz.ru
{'smishing': 0, 'positives': 17, 'response_code': 'Data exists', 'resource': u'http://kingskillz.ru'}
$ python scan.py -c key.json -v -m -ip 8.8.8.8
{'resource': '8.8.8.8', 'detected_downloaded_samples': 9, 'response_code': 1, 'as_owner': u'Google Inc.', 'detected_referrer_samples': 100, 'country': u'US', 'detected_urls': 100, 'detected_communicating_samples': 100}
{'location_cname': u'UNITED STATES', 'location_city': u'MOUNTAIN VIEW', 'resource': '8.8.8.8', 'detected_communicating_file': 1000, 'detected_downloaded_file': 11, 'result': 'Data exists', 'detected_url': 1000}
$ python scan.py -c key.json -s -url ihaveaproblem.info
{'threatType': u'SOCIAL_ENGINEERING', 'resource': u'ihaveaproblem.info', 'platformType': u'ANY_PLATFORM'}
$ python scan.py -c key.json -v -m -s -url ihaveaproblem.info -o -d
[DEBUG] request ihaveaproblem.info to virustotal url scan
[DEBUG] request ihaveaproblem.info to virustotal domain report
{'positives': 6, 'response_code': 1, 'total': 68, 'resource': u'ihaveaproblem.info'}
{'domain_siblings': [], 'BitDefender domain info': 67, 'undetected_downloaded_samples': 7, 'whois_timestamp': 1479032079.93, 'detected_downloaded_samples': 9, 'response_code': 1, 'verbose_msg': u'Domain found in dataset', 'Websense ThreatSeeker category': u'phishing and other frauds', 'resolutions': 2, 'subdomains': [u'www.ihaveaproblem.info'], 'Opera domain info': 66, 'detected_urls': 41, 'categories': [u'phishing and other frauds']}
[DEBUG] saving ./ihaveaproblem.info_vt_url_scan.json
[DEBUG] saving ./ihaveaproblem.info_vt_domain_report.json
[DEBUG] saving ihaveaproblem.info_vt_url_scan.csv
[DEBUG] saving ihaveaproblem.info_vt_domain_report.csv
[DEBUG] request ihaveaproblem.info to malwares.com url scan
{'smishing': 0, 'positives': 6, 'response_code': 'Data exists', 'resource': u'http://ihaveaproblem.info'}
[DEBUG] saving ihaveaproblem.info_malware_url_report.json
[DEBUG] saving ihaveaproblem.info_malware_url_report.csv
[DEBUG] request ihaveaproblem.info to safe browsing
{'threatType': u'SOCIAL_ENGINEERING', 'resource': u'ihaveaproblem.info', 'platformType': u'ANY_PLATFORM'}
[DEBUG] saving ihaveaproblem.info_safe_browsing.json
[DEBUG] saving ihaveaproblem.info_safe_browsing.csv
Scanning an URL to VirusTotal, Malwares.com and Google Safe Browsing and Sending output to Slack Channel:
$ python scan.py -c key.json -v -m -s -slack -url ihaveaproblem.info
{'positives': 6, 'response_code': 1, 'total': 68, 'resource': u'ihaveaproblem.info'}
{'domain_siblings': [], 'BitDefender domain info': 67, 'undetected_downloaded_samples': 7, 'detected_downloaded_samples': 9, 'response_code': 1, 'verbose_msg': u'Domain found in dataset', 'Websense ThreatSeeker category': u'phishing and other frauds', 'resource': 'ihaveaproblem.info', 'resolutions': 2, 'subdomains': [u'www.ihaveaproblem.info'], 'Opera domain info': 66, 'detected_urls': 41, 'categories': [u'phishing and other frauds']}
{'smishing': 0, 'positives': 6, 'response_code': 'Data exists', 'resource': u'http://ihaveaproblem.info'}
{'threatType': u'SOCIAL_ENGINEERING', 'resource': u'ihaveaproblem.info', 'platformType': u'ANY_PLATFORM'}
$ python scan.py -c key.json -v -m -s -slack -url ihaveaproblem.info -d
[DEBUG] [VIRUSTOTAL] URL Scan : ihaveaproblem.info
[DEBUG] [VIRUSTOTAL] Domain Report : ihaveaproblem.info
{'positives': 6, 'response_code': 1, 'total': 68, 'resource': u'ihaveaproblem.info'}
{'domain_siblings': [], 'BitDefender domain info': 67, 'undetected_downloaded_samples': 7, 'detected_downloaded_samples': 9, 'response_code': 1, 'verbose_msg': u'Domain found in dataset', 'Websense ThreatSeeker category': u'phishing and other frauds', 'resource': 'ihaveaproblem.info', 'resolutions': 2, 'subdomains': [u'www.ihaveaproblem.info'], 'Opera domain info': 66, 'detected_urls': 41, 'categories': [u'phishing and other frauds']}
[DEBUG] Sending Message to Slack
[DEBUG] Sending Message to Slack
[DEBUG] [MALWARES.COM] URL Scan : ihaveaproblem.info
{'smishing': 0, 'positives': 6, 'response_code': 'Data exists', 'resource': u'http://ihaveaproblem.info'}
[DEBUG] Sending Message to Slack
[DEBUG] [SAFEBROWSING] : ihaveaproblem.info
{'threatType': u'SOCIAL_ENGINEERING', 'resource': u'ihaveaproblem.info', 'platformType': u'ANY_PLATFORM'}
[DEBUG] Sending Message to Slack
$ python scan.py -c key.json -s -url ihaveaproblem.info -r
{u'matches': [{u'threatType': u'SOCIAL_ENGINEERING', u'threatEntryType': u'URL', u'platformType': u'ANY_PLATFORM', u'threat': {u'url': u'ihaveaproblem.info'}, u'cacheDuration': u'300s'}]}